diff --git a/api/src/services/assets.ts b/api/src/services/assets.ts
index 807535ea35..1339b9325e 100644
--- a/api/src/services/assets.ts
+++ b/api/src/services/assets.ts
@@ -44,10 +44,6 @@ export class AssetsService {
 
 		const systemPublicKeys = Object.values(publicSettings || {});
 
-		if (systemPublicKeys.includes(id) === false && this.accountability?.admin !== true) {
-			await this.authorizationService.checkAccess('read', 'directus_files', id);
-		}
-
 		/**
 		 * This is a little annoying. Postgres will error out if you're trying to search in `where`
 		 * with a wrong type. In case of directus_files where id is a uuid, we'll have to verify the
@@ -57,6 +53,10 @@ export class AssetsService {
 
 		if (isValidUUID === false) throw new ForbiddenException();
 
+		if (systemPublicKeys.includes(id) === false && this.accountability?.admin !== true) {
+			await this.authorizationService.checkAccess('read', 'directus_files', id);
+		}
+
 		const file = (await this.knex.select('*').from('directus_files').where({ id }).first()) as File;
 
 		if (!file) throw new ForbiddenException();